Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I've been hijacked AGAIN! [RESOLVED]

Started by hagerzgrl , Jul 17 2005 10:50 PM

  • This topic is locked This topic is locked

#1
hagerzgrl
Posted 17 July 2005 - 10:50 PM

hagerzgrl

    Member

  • Member
  • PipPip
  • 24 posts
I've run all the removal tools as suggested by your staff and still have all this junk on my browser window and desktop icons that can't be removed either. And am getting popups now as I type this. My popup blockers are activated. Please help me!!!
Here's my hijackthis log. The startup page www.thedotcomteam.com is legit and I need that.

Thanks,
Hagerzgrl


Logfile of HijackThis v1.99.1
Scan saved at 11:31:31 PM, on 7/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\quickenw\QAGENT.EXE
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\SIERRA\CardStudio\PLNRnote.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lynne\My Documents\LYN'S PLACE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thedotcomteam.com/
O2 - BHO: (no name) - {1054B6DD-E6A5-9B11-503C-8EC281C5313E} - C:\DOCUME~1\AARON'~1\APPLIC~1\ONESET~1\sendroam.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Debug blue that test] C:\Documents and Settings\All Users\Application Data\Bolt Meow Debug Blue\Cool slow.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {3B566882-AC7A-4D57-8B8F-C8E03D984D92} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .MTD: C:\Program Files\Internet Explorer\Plugins\npmusicn.dll
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howu...wnload/ccdl.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.reflexive...bGameLoader.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howu...nload/appdl.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.arcadetow...mjolauncher.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...lade/wtinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security3.nor...c/bin/cabsa.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://sympatico.zon...WebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF763C64-82F2-4095-918F-C1D80CEB0D90}: NameServer = 167.142.225.3,167.142.225.5
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

Advertisements

#2
kool808
Posted 22 July 2005 - 09:05 PM

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Hello and welcome to Geeks to Go! :tazz: I'm kool808 and I will be helping you today.

I am working on your log. As soon as I made a good fix for this, I will post a reply. Thank you for your patience.
  • 0

#3
kool808
Posted 22 July 2005 - 09:10 PM

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Download L2mfix from either of these two locations:

Location 1: HERE
Location 2: HERE

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Edited by kool808, 22 July 2005 - 09:12 PM.

  • 0

#4
hagerzgrl
Posted 23 July 2005 - 09:12 AM

hagerzgrl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I hope this helps..... :tazz:


L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{6ec2e0e3-1116-4d47-b0c2-5bdaf4e4c308}"="eFax Messenger Plus - Shell Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Mon May 2 2005 3:52:34p A.... 1,019,904 996.00 K
cdfview.dll Mon May 2 2005 3:52:34p A.... 151,040 147.50 K
cdm.dll Thu May 26 2005 4:16:24a A.... 75,544 73.77 K
hhsetup.dll Thu May 26 2005 9:04:28p A.... 41,472 40.50 K
icm32.dll Tue Jun 28 2005 8:46:00p A.... 254,976 249.00 K
iepeers.dll Mon May 2 2005 3:52:34p A.... 250,880 245.00 K
inseng.dll Mon May 2 2005 3:52:34p A.... 96,256 94.00 K
itircl.dll Thu May 26 2005 9:04:28p A.... 155,136 151.50 K
itss.dll Thu May 26 2005 9:04:28p A.... 137,216 134.00 K
iuengine.dll Thu May 26 2005 4:16:24a A.... 198,424 193.77 K
legitc~1.dll Mon Jun 6 2005 11:29:58a A.... 459,016 448.26 K
mscms.dll Tue Jun 28 2005 8:46:00p A.... 74,240 72.50 K
mshtml.dll Mon May 2 2005 3:52:36p A.... 3,012,608 2.87 M
mshtmled.dll Mon May 2 2005 3:52:36p A.... 448,512 438.00 K
msi.dll Wed May 4 2005 2:45:32p A.... 2,890,240 2.75 M
msrating.dll Mon May 2 2005 3:52:36p A.... 146,432 143.00 K
pngfilt.dll Mon May 2 2005 3:52:36p A.... 39,424 38.50 K
shdocvw.dll Mon May 2 2005 3:52:36p A.... 1,483,776 1.41 M
shlwapi.dll Mon May 2 2005 3:52:36p A.... 473,600 462.50 K
urlmon.dll Mon May 2 2005 3:52:36p A.... 607,744 593.50 K
wininet.dll Mon May 2 2005 3:52:36p A.... 657,920 642.50 K
wuapi.dll Thu May 26 2005 4:16:30a A.... 465,176 454.27 K
wuaueng.dll Thu May 26 2005 4:16:30a A.... 1,343,768 1.28 M
wuaueng1.dll Thu May 26 2005 4:16:30a A.... 194,328 189.77 K
wucltui.dll Thu May 26 2005 4:16:30a A.... 127,256 124.27 K
wups.dll Thu May 26 2005 4:16:30a A.... 41,240 40.27 K
wups2.dll Thu May 26 2005 4:16:30a A.... 18,200 17.77 K
wuweb.dll Thu May 26 2005 4:16:30a A.... 173,536 169.47 K
xpsp3res.dll Mon May 16 2005 7:25:36p ..... 15,360 15.00 K

29 items found: 29 files, 0 directories.
Total of file sizes: 15,053,224 bytes 14.36 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\WINDOWS\System32

06/29/2005 03:21 PM <DIR> dllcache
11/18/2003 10:03 AM 200,704 archlib.dll
01/06/2002 11:06 AM <DIR> Microsoft
1 File(s) 200,704 bytes
2 Dir(s) 26,130,329,600 bytes free
  • 0

#5
kool808
Posted 23 July 2005 - 03:55 PM

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Please SAVE THIS PAGE or secure a PRINT COPY of the instructions for reference.
++++++++++++++++++++++++++++++++++++++++++++

Quite often Windows O/S's may not be able to see hidden DLL files that may be spyware related. Option^Explicit has come up with a way to scan any version of Windows for these files.
  • Please download dllcompare (A scanner to locate hidden DLL files) from either of the following locations:
  • When you execute dllcompare.exe, by default the c:\windows\system32 is selected. This can be changed to scan you entire computer for any file type - Simply select the path and check off the box labelled "Include SubDirectories"
  • Click on "Locate.com" and allow the scan to complete.
  • After the scan has finished click on "Compare" to scan for the files that Windows does not see. This step will take a few minutes to run.
  • If the box at the bottom of the screen contains any files, these are the ones that are hidden - Click on "Make a Log of what was Found".
  • When prompted to "View Log File" click on "Yes".
  • Notepad will open with the log file contents.
  • In Notepad, click on "Edit" => "Select All" => "Edit" = "Copy" and post the contents as a reply to this message.
There are no function in the program to alter the O/S as it is just a scanner at this point.
++++++++++++++++++++++++++++++++++++++++++++

Please download RootKitRevealer from here:
http://www.sysinternals.com/files/rootkitrevealer.zip
Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire contents of the log file here for me to see.

Edited by kool808, 23 July 2005 - 03:56 PM.

  • 0

#6
hagerzgrl
Posted 24 July 2005 - 01:10 AM

hagerzgrl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Well........I attempted to download from the two links that you provided for the dllcompare.exe but I kept getting an error 404 page with each link and I tried several times. :tazz:

Downloaded the RootKitRevealer, did the scan but am unable to copy and post the log file. ;)

What am I doing wrong? If I were Blonde, then at least I would have an excuse!!
  • 0

#7
kool808
Posted 24 July 2005 - 01:27 AM

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
The brinkster.com link is working try it. The rootkitrevealer is very important. You must obtain the log, be sure you are not running it from the ZIP file, you must extract it out.

Let us try doing this again.
  • 0

#8
hagerzgrl
Posted 24 July 2005 - 12:17 PM

hagerzgrl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I'm still not able to access the brinkster.com link. I even typed in the address but still no luck!!! But was able to retrieve the rootitrevealer log file....

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 7/24/2005 12:51 AM 80 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\Lynne\Local Settings\Temporary Internet Files\Content.IE5\6P8FADE1\Dive_Gear[1].: 11/5/2003 8:39 PM 10.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{9B63DB6C-09C2-4F05-879C-DEB19A86EF40}\RP441\A0038370.INI 7/23/2005 3:40 PM 106 bytes Visible in directory index, but not Windows API or MFT.
  • 0

#9
kool808
Posted 24 July 2005 - 04:20 PM

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Please RIGHT-CLICK HERE to download Silent Runner's.
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.


If ever the link to the DLL compare is already working please follow the previous procedures, then post the results together with Silent Runners.


  • 0

#10
hagerzgrl
Posted 24 July 2005 - 09:14 PM

hagerzgrl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PlaxoUpdate" = "C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a" ["Plaxo"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"QAGENT" = "C:\Program Files\quickenw\QAGENT.EXE" [empty string]
"SM1BG" = "C:\WINDOWS\SM1BG.EXE" ["Cypress Semiconductor"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"ezShieldProtector for Px" = "C:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Lexmark X6100 Series" = ""C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"" ["Lexmark International, Inc."]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"Debug blue that test" = "C:\Documents and Settings\All Users\Application Data\Bolt Meow Debug Blue\Cool slow.exe" [null data]
"tcactive" = "C:\Program Files\The Cleaner\tca.exe" ["MooSoft Development"]
"tcmonitor" = "C:\Program Files\The Cleaner\tcm.exe" ["MooSoft Development"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{6ec2e0e3-1116-4d47-b0c2-5bdaf4e4c308}" = "eFax Messenger Plus - Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\eFax Messenger Plus 3.3\J2GShell.dll" ["j2 Global Communications, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
HotShellExt\(Default) = "{6EC2E0E3-1116-4d47-B0C2-5BDAF4E4C308}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\eFax Messenger Plus 3.3\J2GShell.dll" ["j2 Global Communications, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TDS-3\(Default) = "{E8ADA3E1-CE9B-44A0-A165-997304EF4E18}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\tds3shl.dll" [empty string]
TheCleaner\(Default) = "{2DE506B9-4320-11d3-8E42-002035221EDA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
TDS-3\(Default) = "{E8ADA3E1-CE9B-44A0-A165-997304EF4E18}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\tds3shl.dll" [empty string]
TheCleaner\(Default) = "{2DE506B9-4320-11D3-8E42-002035221EDA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TheCleaner\(Default) = "{2DE506B9-4320-11D3-8E42-002035221EDA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Lynne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]


Startup items in "Lynne" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Event Planner Reminders Tray Icon" -> shortcut to: "C:\SIERRA\CardStudio\PLNRnote.exe" ["Sierra Online, Inc."]


Enabled Scheduled Tasks:
------------------------

"A72DF3CB918A6DDB" -> launches: "c:\progra~1\suppor~1\axismodebird.exe" [file not found]
"AD8EB6AB91852A17" -> launches: "c:\progra~1\suppor~1\axismodebird.exe" [file not found]
"Disk Cleanup" -> launches: "C:\WINDOWS\system32\cleanmgr.exe" [MS]
"disk degragmenter" -> launches: "C:\WINDOWS\system32\dfrg.msc" [null data]
"Norton AntiVirus - Scan my computer - Lynne" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Registration reminder 1" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:1" [MS]
"Registration reminder 2" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:2" [MS]
"Registration reminder 3" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:3" [MS]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{A983E330-5099-E68B-2044-4D05D71FFC76}" = "Love Stupid" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ONESET~1\GLOBAL README.dll" [file not found]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll" [MS]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

{9455301C-CF6B-11D3-A266-00C04F689C50}\ = "Encarta &Researcher" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL" [MS]

{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{3B566882-AC7A-4D57-8B8F-C8E03D984D92}\
"ButtonText" = "Support"
"Exec" = "C:\Program Files\Internet Explorer\SIGNUP\Presario.htm" [null data]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{AFC3FA82-AD07-45CD-8B57-983435B9899E}\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido\security suite\ewidoguard.exe" ["ewido networks"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
ISSvc, ISSVC, ""C:\Program Files\Norton Internet Security\ISSVC.exe"" ["Symantec Corporation"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
PCTEL Speaker Phone, Pctspk, "C:\WINDOWS\system32\pctspk.exe" ["PCtel, Inc."]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Virtual NIC Service, PackethSvc, "C:\WINDOWS\System32\PackethSvc.exe" ["America Online, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 154 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 22 seconds.
---------- (total run time: 217 seconds)
  • 0

Advertisements

#11
kool808
Posted 25 July 2005 - 04:02 AM

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts

Looking good except for this Love Stupid!

  • Open HijackThis
  • go to Config, then Misc Tools
  • Open Uninstall Manager, then click Save List...
  • Post the results here
  • close HJT
  • Open up the MS-DOS Prompt
  • type in cd\
  • cd progra~1 or cd program files
  • dir *.* >> c:\pflist.txt
  • exit
  • In your windows explorer locate c:\pflist.txt
  • post the results here

  • 0

#12
hagerzgrl
Posted 25 July 2005 - 08:30 AM

hagerzgrl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
HJT saved list you wanted. Will do another post with MS-DOS Prompt.

Accoona Toolbar 1.0
Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
America Online
AOL Instant Messenger
Broderbund Media Manager
Business Cards
CC_ccProxyExt
ccCommon
ccPxyCore
CleanUp!
Coke Polar bears theme by moose
Color Code
Coloreal
Command & Conquer Generals
Command & Conquer Renegade
Command and ConquerTM Generals Zero Hour
Compaq Advisor
Compaq Wallpaper
Compaq WinDVD
CompuServe 2000
Conference Client Uninstall
Convoy
Counter-Strike: Condition Zero
Cypress USB Mass Storage Driver Installation
desktop weather
DiamondCS TDS-3
EA.com Update
EACOM Game Installer
eFax Messenger Plus 3.3
Electronic Arts Game Updater
Encarta Online
ewido security suite
Finale NotePad 2005a
GameSpy Arcade
GCN
Half-Life
Hallmark Card Studio
Hardwood Solitaire III Lite
Hearts
HijackThis 1.99.1
Hoyle Casino 5
Hoyle Word Games 2
hp instant support
HP Photo and Imaging 1.1 - Photosmart Cameras
HyperLoad
Illusion
InterActual Player
InterVideo Installer
iPod Updater 2004-08-06
iTunes
LaserAge
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark X6100 Series
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
Mail List Deluxe
Medal of Honor Allied Assault
MediaFACE II
Microsoft Data Access Components KB870669
Microsoft Encarta Reference Library 2003
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Script Host
Microsoft Works 6.0
Monopoly
MS Access 97 SP2
MSN Gaming Zone
MSN Messenger 7.0
MSN Music Assistant
MSN Toolbar
MSRedist
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
Norton WMI Update
NVIDIA Display Driver
OpenMG Limited Patch 3.4-04-16-16-01
OpenMG Secure Module 3.4.01
Photo Match All
Plaxo
Print Center Deluxe
Print to Fax
Quicken 2002 New User Edition
QuickTime
RealPlayer Basic
Renegade Desktop Themepack
RSNet EDN (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Shockwave
Sierra Utilities
SierraHome Print Artist 12.0
SimCity 3000 Unlimited
SimCity 4 Deluxe
Soldier of Fortune II - Double Helix
SoundMAX2
SPBBC
SpyBot - Search & Destroy 1.1
Spybot - Search & Destroy 1.3.1 TX
SpywareBlaster v3.4
Super Rebound 3
Symantec Script Blocking Installer
SymNet
Teach Me Guitar v1.03
The Cleaner
The Print Shop
The Red Violin
Tom Clancy's Splinter Cell
Ulead Photo Express 3.0 SE
Update for Windows XP (KB898461)
USB Storage Adapter FX (SM1)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual Basic 4 (32 bit) Runtime Modules
Westwood Shared Internet Components
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Address AutoComplete
Yahoo! Companion
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Photos Easy Upload Tool 1v4
  • 0

#13
kool808
Posted 25 July 2005 - 09:06 AM

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
I will wait for the program list files before we proceed with the next steps. :tazz:
  • 0

#14
hagerzgrl
Posted 25 July 2005 - 09:32 AM

hagerzgrl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
here's the pflist.txt...

Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Program Files

07/25/2005 08:44 AM <DIR> .
07/25/2005 08:44 AM <DIR> ..
12/27/2004 07:14 PM <DIR> ABBYY FineReader 6.0
06/28/2005 10:29 PM <DIR> Accoona
04/02/2005 03:44 PM <DIR> Adobe
06/13/2005 01:10 PM <DIR> AIM
08/08/2004 10:31 PM <DIR> America Online 6.0
12/13/2001 04:09 AM <DIR> Analog Devices
09/29/2004 02:57 PM <DIR> AOD
06/14/2004 11:15 AM <DIR> AWS
05/13/2002 09:13 PM <DIR> BearPaw 1200CS
11/01/2002 06:21 PM <DIR> Broderbund
07/19/2005 10:45 AM <DIR> CleanUp!
07/22/2002 08:43 AM <DIR> Color Code
07/25/2005 08:44 AM <DIR> Common Files
10/15/2004 08:36 AM <DIR> COMPAQ
12/30/2004 10:45 AM <DIR> Compaq IJ650 Inkjet Printer
12/13/2001 03:44 AM <DIR> ComPlus Applications
12/13/2001 04:17 AM <DIR> CompuServe 2000
12/13/2001 04:18 AM <DIR> CpqFeatures
07/03/2002 09:51 AM <DIR> desktop weather
03/08/2003 05:19 PM <DIR> directx
03/28/2005 07:17 PM <DIR> Dropheads
09/28/2003 07:49 PM <DIR> EA GAMES
04/01/2002 02:19 PM <DIR> EA SPORTS
07/27/2002 02:24 PM <DIR> EACom
01/31/2005 11:41 PM <DIR> eFax Messenger Plus 3.3
03/28/2005 07:34 PM <DIR> eGames
07/12/2005 07:02 PM <DIR> ewido
03/30/2002 08:13 PM <DIR> Expert Software
06/28/2005 10:29 PM <DIR> FileSubmit
07/19/2005 10:47 PM <DIR> Finale NotePad 2005a
06/28/2004 12:09 AM <DIR> FreshGames
11/25/2004 11:34 PM <DIR> GameHouse
12/17/2004 10:44 PM <DIR> GameSpy Arcade
08/23/2004 07:06 PM <DIR> GCN
09/25/2004 06:19 PM <DIR> GhostSurf
11/16/2004 05:22 PM <DIR> Gold Miner
07/30/2003 06:16 PM <DIR> Hasbro Interactive
12/26/2002 06:57 PM <DIR> Hewlett-Packard
06/22/2003 02:26 PM <DIR> Hexacto Games
10/06/2002 03:43 PM <DIR> InterActual
12/30/2004 05:17 PM <DIR> interMute
06/15/2005 10:30 PM <DIR> Internet Explorer
02/04/2005 08:35 PM <DIR> iPod
02/04/2005 08:35 PM <DIR> iTunes
08/22/2004 12:42 PM <DIR> iWin.com
07/18/2005 11:27 PM <DIR> Lavasoft
06/03/2003 09:30 AM <DIR> Lavasoft Ad-Aware
03/15/2005 12:46 AM <DIR> Lemonade Tycoon 2
12/27/2004 07:11 PM <DIR> Lexmark X6100 Series
06/26/2002 12:27 PM <DIR> LucasArts
02/23/2004 08:26 PM <DIR> Maxis
06/16/2004 03:59 PM <DIR> MediaFACE II
02/12/2005 03:12 PM <DIR> Messenger
04/13/2004 09:54 AM <DIR> Microsoft Encarta
12/13/2001 03:47 AM <DIR> microsoft frontpage
01/06/2002 02:20 PM <DIR> Microsoft Office
12/13/2001 04:18 AM <DIR> Microsoft Reference
03/31/2002 07:56 PM <DIR> Microsoft Windows Script
04/02/2002 11:35 PM <DIR> Microsoft Works
08/21/2004 04:51 PM <DIR> Movie Maker
09/01/2003 02:19 PM <DIR> MSN
03/15/2005 12:47 AM <DIR> MSN Games
07/15/2005 06:04 PM <DIR> MSN Gaming Zone
06/08/2005 08:25 PM <DIR> MSN Messenger
04/20/2004 04:03 PM <DIR> MSN Toolbar
10/13/2004 03:31 PM <DIR> MsnMusic
08/21/2004 04:45 PM <DIR> NetMeeting
12/13/2001 04:17 AM <DIR> Netscape
07/18/2005 06:26 PM <DIR> Norton Internet Security
07/15/2004 03:08 PM <DIR> NoteWorthy Composer
10/15/2004 08:05 AM <DIR> one settings tray
12/13/2001 03:45 AM <DIR> Online Services
08/21/2004 04:44 PM <DIR> Outlook Express
04/16/2004 01:47 PM <DIR> Panicware
07/25/2005 08:47 AM <DIR> Plaxo
05/11/2002 04:05 PM <DIR> Plus!
09/20/2003 09:17 AM <DIR> Pogo Games
03/19/2005 12:33 PM <DIR> PopCap Games
07/05/2005 09:08 AM <DIR> quickenw
02/04/2005 08:35 PM <DIR> QuickTime
07/12/2005 01:44 PM <DIR> Ratbag
12/13/2001 04:15 AM <DIR> Real
10/21/2004 09:10 PM <DIR> ReflexiveArcade
12/16/2002 10:54 PM <DIR> RSNet
03/31/2002 07:46 PM <DIR> Sienna
06/14/2004 11:12 PM <DIR> Sierra On-Line
03/04/2003 12:22 AM <DIR> Soldier of Fortune II - Double Helix
06/14/2004 10:41 AM <DIR> Sony
07/19/2005 10:36 AM <DIR> Spybot - Search & Destroy
04/16/2004 11:47 AM <DIR> Spybot - Search & Destroy 1.1
07/24/2005 12:30 PM <DIR> SpywareBlaster
12/03/2004 04:28 PM <DIR> Sqwire
12/13/2001 04:09 AM <DIR> Staccato
11/05/2002 06:16 PM <DIR> Super Rebound 3
07/17/2005 05:28 PM <DIR> Supportwaybend
03/07/2005 10:53 PM <DIR> Symantec
11/17/2004 11:19 PM <DIR> SymNetDrv
02/03/2004 03:46 PM <DIR> Target Soft
07/19/2005 07:15 PM <DIR> TDS3
07/25/2005 08:45 AM <DIR> The Cleaner
05/02/2003 07:13 PM <DIR> TryMedia
07/27/2003 11:24 AM <DIR> Ubi Soft
05/13/2002 09:27 PM <DIR> Ulead Systems
07/30/2004 04:06 PM <DIR> Viewpoint
12/25/2002 10:32 AM <DIR> Voyetra
10/28/2002 11:30 PM <DIR> Web Publish
10/13/2004 03:33 PM <DIR> Windows Media Player
08/21/2004 04:44 PM <DIR> Windows NT
04/29/2002 08:01 PM <DIR> WON
05/30/2003 12:05 PM <DIR> WorldWinner Tournaments
12/13/2001 03:47 AM <DIR> xerox
06/16/2004 07:21 PM <DIR> Yahoo!
07/12/2005 01:43 PM <DIR> Yahoo! Games
0 File(s) 0 bytes
115 Dir(s) 26,113,175,552 bytes free
Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Program Files

07/25/2005 08:44 AM <DIR> .
07/25/2005 08:44 AM <DIR> ..
12/27/2004 07:14 PM <DIR> ABBYY FineReader 6.0
06/28/2005 10:29 PM <DIR> Accoona
04/02/2005 03:44 PM <DIR> Adobe
06/13/2005 01:10 PM <DIR> AIM
08/08/2004 10:31 PM <DIR> America Online 6.0
12/13/2001 04:09 AM <DIR> Analog Devices
09/29/2004 02:57 PM <DIR> AOD
06/14/2004 11:15 AM <DIR> AWS
05/13/2002 09:13 PM <DIR> BearPaw 1200CS
11/01/2002 06:21 PM <DIR> Broderbund
07/19/2005 10:45 AM <DIR> CleanUp!
07/22/2002 08:43 AM <DIR> Color Code
07/25/2005 08:44 AM <DIR> Common Files
10/15/2004 08:36 AM <DIR> COMPAQ
12/30/2004 10:45 AM <DIR> Compaq IJ650 Inkjet Printer
12/13/2001 03:44 AM <DIR> ComPlus Applications
12/13/2001 04:17 AM <DIR> CompuServe 2000
12/13/2001 04:18 AM <DIR> CpqFeatures
07/03/2002 09:51 AM <DIR> desktop weather
03/08/2003 05:19 PM <DIR> directx
03/28/2005 07:17 PM <DIR> Dropheads
09/28/2003 07:49 PM <DIR> EA GAMES
04/01/2002 02:19 PM <DIR> EA SPORTS
07/27/2002 02:24 PM <DIR> EACom
01/31/2005 11:41 PM <DIR> eFax Messenger Plus 3.3
03/28/2005 07:34 PM <DIR> eGames
07/12/2005 07:02 PM <DIR> ewido
03/30/2002 08:13 PM <DIR> Expert Software
06/28/2005 10:29 PM <DIR> FileSubmit
07/19/2005 10:47 PM <DIR> Finale NotePad 2005a
06/28/2004 12:09 AM <DIR> FreshGames
11/25/2004 11:34 PM <DIR> GameHouse
12/17/2004 10:44 PM <DIR> GameSpy Arcade
08/23/2004 07:06 PM <DIR> GCN
09/25/2004 06:19 PM <DIR> GhostSurf
11/16/2004 05:22 PM <DIR> Gold Miner
07/30/2003 06:16 PM <DIR> Hasbro Interactive
12/26/2002 06:57 PM <DIR> Hewlett-Packard
06/22/2003 02:26 PM <DIR> Hexacto Games
10/06/2002 03:43 PM <DIR> InterActual
12/30/2004 05:17 PM <DIR> interMute
06/15/2005 10:30 PM <DIR> Internet Explorer
02/04/2005 08:35 PM <DIR> iPod
02/04/2005 08:35 PM <DIR> iTunes
08/22/2004 12:42 PM <DIR> iWin.com
07/18/2005 11:27 PM <DIR> Lavasoft
06/03/2003 09:30 AM <DIR> Lavasoft Ad-Aware
03/15/2005 12:46 AM <DIR> Lemonade Tycoon 2
12/27/2004 07:11 PM <DIR> Lexmark X6100 Series
06/26/2002 12:27 PM <DIR> LucasArts
02/23/2004 08:26 PM <DIR> Maxis
06/16/2004 03:59 PM <DIR> MediaFACE II
02/12/2005 03:12 PM <DIR> Messenger
04/13/2004 09:54 AM <DIR> Microsoft Encarta
12/13/2001 03:47 AM <DIR> microsoft frontpage
01/06/2002 02:20 PM <DIR> Microsoft Office
12/13/2001 04:18 AM <DIR> Microsoft Reference
03/31/2002 07:56 PM <DIR> Microsoft Windows Script
04/02/2002 11:35 PM <DIR> Microsoft Works
08/21/2004 04:51 PM <DIR> Movie Maker
09/01/2003 02:19 PM <DIR> MSN
03/15/2005 12:47 AM <DIR> MSN Games
07/15/2005 06:04 PM <DIR> MSN Gaming Zone
06/08/2005 08:25 PM <DIR> MSN Messenger
04/20/2004 04:03 PM <DIR> MSN Toolbar
10/13/2004 03:31 PM <DIR> MsnMusic
08/21/2004 04:45 PM <DIR> NetMeeting
12/13/2001 04:17 AM <DIR> Netscape
07/18/2005 06:26 PM <DIR> Norton Internet Security
07/15/2004 03:08 PM <DIR> NoteWorthy Composer
10/15/2004 08:05 AM <DIR> one settings tray
12/13/2001 03:45 AM <DIR> Online Services
08/21/2004 04:44 PM <DIR> Outlook Express
04/16/2004 01:47 PM <DIR> Panicware
07/25/2005 08:47 AM <DIR> Plaxo
05/11/2002 04:05 PM <DIR> Plus!
09/20/2003 09:17 AM <DIR> Pogo Games
03/19/2005 12:33 PM <DIR> PopCap Games
07/05/2005 09:08 AM <DIR> quickenw
02/04/2005 08:35 PM <DIR> QuickTime
07/12/2005 01:44 PM <DIR> Ratbag
12/13/2001 04:15 AM <DIR> Real
10/21/2004 09:10 PM <DIR> ReflexiveArcade
12/16/2002 10:54 PM <DIR> RSNet
03/31/2002 07:46 PM <DIR> Sienna
06/14/2004 11:12 PM <DIR> Sierra On-Line
03/04/2003 12:22 AM <DIR> Soldier of Fortune II - Double Helix
06/14/2004 10:41 AM <DIR> Sony
07/19/2005 10:36 AM <DIR> Spybot - Search & Destroy
04/16/2004 11:47 AM <DIR> Spybot - Search & Destroy 1.1
07/24/2005 12:30 PM <DIR> SpywareBlaster
12/03/2004 04:28 PM <DIR> Sqwire
12/13/2001 04:09 AM <DIR> Staccato
11/05/2002 06:16 PM <DIR> Super Rebound 3
07/17/2005 05:28 PM <DIR> Supportwaybend
03/07/2005 10:53 PM <DIR> Symantec
11/17/2004 11:19 PM <DIR> SymNetDrv
02/03/2004 03:46 PM <DIR> Target Soft
07/19/2005 07:15 PM <DIR> TDS3
07/25/2005 08:45 AM <DIR> The Cleaner
05/02/2003 07:13 PM <DIR> TryMedia
07/27/2003 11:24 AM <DIR> Ubi Soft
05/13/2002 09:27 PM <DIR> Ulead Systems
07/30/2004 04:06 PM <DIR> Viewpoint
12/25/2002 10:32 AM <DIR> Voyetra
10/28/2002 11:30 PM <DIR> Web Publish
10/13/2004 03:33 PM <DIR> Windows Media Player
08/21/2004 04:44 PM <DIR> Windows NT
04/29/2002 08:01 PM <DIR> WON
05/30/2003 12:05 PM <DIR> WorldWinner Tournaments
12/13/2001 03:47 AM <DIR> xerox
06/16/2004 07:21 PM <DIR> Yahoo!
07/12/2005 01:43 PM <DIR> Yahoo! Games
0 File(s) 0 bytes
115 Dir(s) 26,113,159,168 bytes free
  • 0

#15
kool808
Posted 25 July 2005 - 04:54 PM

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Reboot in SAFE MODE. (How to boot in Safe Mode...)
  • Uninstallation
    We need to uninstall the following programs:
  • Go to Control Panel > Add/Remove Programs
  • Please locate if they exist
    • Accoona Toolbar 1.0
  • Click Uninstall
  • Confirm with OK
Be sure to View Hidden and System Files.

Through Windows Explorer, delete the following folder(s) or files(s) if they exist (in bold):
  • C:\Program Files\Accoona
  • C:\Program Files\Sqwire
Finally, Empty Recycle Bin

Through MS DOS Prompt locate this C:\Program Files\one settings tray\ or C:\PROGRA~1\ONESET~1\, once you are in that folder type in

dir *.* >> c:\OST.txt
locate again this c:\ost.txt then post the results here.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP